Apple Logs Your iMessage Contacts — and May Share Them With Police

Apple promises that your iMessage conversations are safe and out of reach from anyone other than you and your friends. But according to a document obtained by The Intercept, your blue-bubbled texts do leave behind a log of which phone numbers you are poised to contact and shares this (and other potentially sensitive metadata) with law enforcement when compelled by court order.

Every time you type a number into your iPhone for a text conversation, the Messages app contacts Apple servers to determine whether to route a given message over the ubiquitous SMS system, represented in the app by those déclassé green text bubbles, or over Apple’s proprietary and more secure messaging network, represented by pleasant blue bubbles, according to the document. Apple records each query in which your phone calls home to see who’s in the iMessage system and who’s not.

This log also includes the date and time when you entered a number, along with your IP address — which could, contrary to a 2013 Apple claim that “we do not store data related to customers’ location,” identify a customer’s location. Apple is compelled to turn over such information via court orders for systems known as “pen registers” or “trap and trace devices,” orders that are not particularly onerous to obtain, requiring only that government lawyers represent they are “likely” to obtain information whose “use is relevant to an ongoing criminal investigation.” Apple confirmed to The Intercept that it only retains these logs for a period of 30 days, though court orders of this kind can typically be extended in additional 30-day periods, meaning a series of monthlong log snapshots from Apple could be strung together by police to create a longer list of whose numbers someone has been entering.

The Intercept received the document about Apple’s Messages logs as part of a larger cache originating from within the Florida Department of Law Enforcement’s Electronic Surveillance Support Team, a state police agency that facilitates police data collection using controversial tools like the Stingray, along with conventional techniques like pen registers. The document, titled “iMessage FAQ for Law Enforcement,” is designated for “Law Enforcement Sources” and “For Official Use Only,” though it’s unclear who wrote it or for what specific audience — metadata embedded in the PDF cites an author only named “mrrodriguez.” (The term “iMessages” refers to an old name for the Messages app still commonly used to refer to it.)

Phone companies routinely hand over metadata about calls to law enforcement in response to pen register warrants. But it’s noteworthy that Apple is able to provide information on iMessage contacts under such warrants given that Apple and others have positioned the messaging platform as a particularly secure alternative to regular texting.

The document reads like a fairly standard overview that one might forward to a clueless parent (questions include “How does it work?” and “Does iMessage use my cellular data plan?”), until the final section, “What will I get if I serve Apple with a [pen register/trap and trace] court order for an iMessage account?”:

This is a lot of bullet points to say one thing: Apple maintains a log of phone numbers you’ve entered into Messages and potentially elsewhere on an Apple device, like the Contacts app, even if you never end up communicating with those people. The document implies that Messages transmits these numbers to Apple when you open a new chat window and select a contact or number with whom to communicate, but it’s unclear exactly when these queries are triggered, and how often — an Apple spokesperson confirmed only that the logging information in the iMessage FAQ is “generally accurate,” but declined to elaborate on the record.

Illustration: Selman Design for The Intercept

Apple provided the following statement:

When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place.

And it’s true, based on the sample information provided in the FAQ, that Apple doesn’t appear to provide any indication whatsoever that an iMessage conversation took place. But a list of the people you choose to associate with can be just as sensitive as your messages with those people. It requires little stretching of the imagination to come up with a scenario in which the fact that you swapped numbers with someone at some point in the past could be construed as incriminating or compromising.

Andrew Crocker, an attorney with the Electronic Frontier Foundation, said the document prompted further questions:

“How often are lookups performed? Does opening [an iMessage] thread cause a lookup? Why is Apple retaining this information?”

The Florida Department of Law Enforcement did not return a request for comment.

The fact that Apple is able and willing to help the government map the communications networks of its users doesn’t necessarily undermine the company’s posturing (and record) as a guardian of privacy, though this leaked document provides more detail about how the iMessages system can be monitored than has been volunteered in the past. Ideally, customers wouldn’t need to read documents marked “For Official Use Only” in order to know what information Apple may or may not disclose to the police. In a section of its website devoted to touting the privacy safeguards in its products, Apple claims that “your iMessages and FaceTime calls are your business, not ours. … Unlike other companies’ messaging services, Apple doesn’t scan your communications, and we wouldn’t be able to comply with a wiretap order even if we wanted to.”

In 2013, after Apple was revealed to be among the tech companies caught up in an NSA surveillance program known as PRISM, which tapped into customer information on the central servers of nine leading internet companies, the company released a rare statement regarding its “commitment to customer privacy,” insisting that it would be unable to share sensitive customer data even if it wanted to:

For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them. Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form.

Questions of how much Apple could or would aid police if asked vaulted back into headlines following the mass shooting in San Bernardino last year, which left the FBI in possession of the shooter’s iPhone, which it was unable initially to decrypt. Apple balked at demands that it help crack the phone, allowing it to enjoy a reputation as not just a maker of expensive electronics, but a determined privacy advocate. We need more technology companies that are willing to take public, principled stands in defense of our private lives, but these same companies should follow through with technical transparency, not just statements.

We depend on the support of readers like you to help keep our nonprofit newsroom strong and independent. Join Us

Contact the author:

Just curious, but why does Apple have a proprietary messaging system, when all the telecoms provide messaging as part of their service? Oh, excuse me, I should have known. So that Apple can keep their hooks into their customers.

I had a GSM phone with T-Mobile and when it died after ten years, I bought an Android phone. All my message files moved over to the new phone. Does that happen if you move from an iPhone to an Android? If Apple has to be involved, maybe not. Can anyone speak from experience?

Samsung doesn’t operate it’s own proprietary messaging service. It used to have one, but no one used it.

Use a service like Telegram which is privacy focused, and but US based. The truth is that Apple’s claims about privacy have always been empty. The statements essentially served as a convenient excuse for why the iPhone uses lesser hardware, but costs more money than Android phones with 4K AMOLED screens etc. In fact the first privacy statement was right after Apple’s poor iCloud security resulted in the Celebgate nurse photo leaks. Your iPhone backups were stored on a server with no brute force protection, and they could be downloaded with widely available commercial software without the users knowledge or consent. These backups contain all of you iMessages in addition to your photos. Apple was warned of the security flaw by a researcher months before the scandal and took no action. This is documented. Apple cares only about you security as a marketing tactic.

That’s not to say that Google, Samsung, or anyone else cares more, but Apple really doesn’t do any more despite their public statements. Another example is that Apple unlocked 70+ iPhone <=5c devices before a judge in NY made the court order public. They didn't fight orders 1-70 when no one would know. They only cared enough to fight a legal battle when it might hurt PR.

Because iMessage works Mac to Mac as well, an iMessage conversation can be wholly Internet-based and need not be associated with phone numbers. To avoid being logged by phone nimber, sender and receiver should exchange the email addresss associated with their Apple ID accounts by some other means, and add each other to their Contacts apps. Both parties should turn off Send as SMS in settings, set Send & Receive to be reachable from their email addresses, and also set Start New Conversation from their email address instead of their phone number. A new Messages conversation should be started and sent to the other user’s email address instead of phone number. The goal would be to never associate the conversation with phone numbers and thus never require a lookup to be logged in the phone number-to-iMessage database.

FYI, all the carriers keep records of the actual text messages that are sent, and can track via IP, Mac Address or Phone number. I’d be more concerned about that. How do I know? I’ve had to sort through text messages from major carrier obtained through a court order.

Ironic the FBI encryption stint happened shortly after it was publicly acknowledged that apple kills 3rd party phone fixes for iPhone 6
–
Apples recent patent to design remote shut off cameras With a type of signal-
– starting to sound like a scary Richard Stallman Orwell story

USG wants all your information that they have been unable to get from facebook and other sources. Do you really believe that some outside source could make off with much of yahoo’s customers without getting them all?

What about inside job masked as a theft? What about Yahoo, co-operating with a verbal gov request for more data without a warrant, simply made a deal to hand stuff over and excuse it to theft?

So what happened? How about certain people involved in the “transfer” got some emails for themselves – knowing the operation was illegal – and used that info to defraud some customers and things went sideways from there – so here we are.

the shit is about to hit the fan. Stupid Obama vetoed the bill to allow American victims to sue saudi arabia. Fortunately the senate told Obama to go to hell. But that isn’t the shit about to hit the fan – that shit is israeli shit genocide and land theft that israel is about to go to court for.

The White House is pushing the blame for internet insecurity onto the hapless user. They are not using secure enough authentication. It is their fault. They need reeducation. They want you to use text verification. The NIST is advising against using this proven hackable technology. The NIST is pushing fingerprints etc. which many government agencies have on file from birth. You would be giving the government and hackers a free pass to everything.

Half a billion YAHOO/VERIZON user had their personal information hacked two years ago. They just got around to telling us about it this week. They want us to delete those security questions they made us all give them when we signed up for an account even though our common sense told us that it made us a lot more insecure. Now they want us to give them our phone numbers to let us secure our accounts. Oh really?

Thanks for the info. I never trusted that fingerprint id ever since i saw how easy it was to forge. And the facey booker thief and now microsoft are pushing hard on face and voice and iris recognition.

Not surprising. The criminal organisation that runs this country also helped wallstreet stay in business to keep robbing the public and now is pushing to subordinate the will of the people to the will of the TPP. Hellary, the monster’s mother (https://theintercept.com/2016/08/26/clinton-foundation-spin) is their favorite person for this theft operation. Pushing their crap onto everyday Americans – Right, it’s our fault for accepting home values and getting a loan then having our homes stolen by wallstreet. It’s our fault for creating more wells fargo accounts to keep our nothing job so we could pay the mortgage to keep our families off the street. It’s our fault for believing WMD. It’s always OUR FAULT.

You know what’s our “fault”? Allowing the criminal con currency system to remain in place that wallstreet owns to use abuse and rob Americans.

I will say one thing about ID’s however in support of the police who pull someone over and try to figure out who the driver really is. It’s a real challenge! When the driver says “i left my license at home” it could mean – “i just robbed the store down the street, killed the owner, the money’s in the trunk and i was trying to make my gettaway when you lit me up.” But the real wallstreet criminals do not want to separate ID and privacy at all.

Government schools certainly don’t teach people about it. It is never a topic of debate in a presidential election, and almost never discussed in ANY election at any level of government. Ron Paul and Dennis Kucinich are the only people I remember who talked about it, and they were quickly marginalized as “kooks”. If it’s ever discussed anywhere in the mainstream media, it’s always treated as matter-of-fact and never, ever questioned.

If YOU understand how it works, I’ll bet that you learned through many hours of patient self-study, reading little-known books and visiting obscure web sites. Even if someone goes so far that they begin to catch on, the mind wants to recoil in horror at the injustice and absurdity of the whole thing.
I suppose you could blame people for intellectual laziness, but this (by design of course) is a hard subject to understand, and the fact that it’s treated and experienced as utterly “normal” is unlikely to arouse curiosity. The system totally sucks, and is arguably the most grievous injustice in human society, but I have trouble laying the blame on “US”(as in the people of the USA) for a scam that’s been going on for over 400 years.

ok. The monetary system is our “fault”, faultline, vulnerability – not our doing. Just to be clear.Ron Paul and Dennis Kucinich are the only people I remember who talked about it, and they were quickly marginalized as “kooks”. YEP. And yes i learned by reading everything i found.
Want to make it easy to understand? Replace “currency” with “water”. Paint that picture.
The scam really started in the US dec 24 1913. We can tie every major economic event to the cycle methods and properties of the deviant currency system which needs to go.

Signal is developed, and hosted, in the US. Therefore they are compelled, like any other, to provide customer metadata to US agencies upon request (Nat. Sec. Letter or subpoenas) *and* keep that secret (“gag order”). Edward Snowden’s endorsement of Signal, as a US-based service, is completely absurd. Metadata *cannot* be encrypted, and there is no way for Signal to escape US law.

Threema, though, is an excellent recommendation. They are based in Switzerland, and therefore (relatively) immune to US law.

Meta data flows around the internet and can be read my anyone tapping wires regardless the location of hosting. Same with threema. Threema is much worse because it’s not really open source and can’t be fully audited.

My messages are so benign, I really don’t think anyone would give a hoot. Out of all the “messages” out there, I’m not sure how they would be able to monitor all of them. And I don’t really care. If it’s helps to stop just one terrorist, then it’s a good thing.

But whether or not YOU care isn’t the issue. It’s about whether a government should have this level of penetrative & pervasive surveillance powers into the private lives of citizens accused of no crimes–without cause or warrant.

In some repressive countries, you bet, that’s the name of the game. But the U.S. is supposed to be different. And if you want to actually be different from your enemies, you have to actually, you know, BE DIFFERENT. Act different.

The U.S. Constitution & particularly the Bill of Rights is there to check such powers. If we don’t fall back on them now, to remain (or go back to sort-of being?) different from the rest of the f’ing world, when it’s inconvenient & messy to do so, then what’s the point of fighting ‘them’? We ARE them.

I think people don’t comprehend how unique the U.S. was upon its founding. We were UNPRECEDENTED. The Constitution and especially the Bill or Rights were, in their intent and breadth, unprecedented.

And you want to give it all away now?? B/C your texts and calls are so mundane?

Wtf.

And as far as the content not mattering…they don’t want content. They don’t need content.

“…As NSA General Counsel Stewart Baker has said, “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” When I quoted Baker at a recent debate at Johns Hopkins University, my opponent, General Michael Hayden, former director of the NSA and the CIA, called Baker’s comment “absolutely correct,” and raised him one, asserting, “We kill people based on metadata.”

So, yeah.

And seriously, let’s say we can all trust that one guy in the government to use all this warrantless, intrusive data for ‘good’ and moral purposes. Do you trust the next guy? And the one after him?

Laws are ‘no’s.’ The Bill of Rights is a list of rules for the government that says, ‘No you may not.’

I can’t even understand the “if you haven’t done anything wrong, you have nothing to fear” mentality. I’m outraged by the passivity and ease of the thought. The whole reason the Bill of Rights was written was because those early statesmen knew the government was going to push & push for more power over and into its citizenry. They were writing restraint into our government. Because they knew the dangers of it not being restrained. It would become like every other regime out there.

I think people don’t comprehend how unique the U.S. was upon its founding.

they dont. Most Americans have mutated into cattle. Wallstreet and DC consider Americans expendable. Americans were not given proper recourse by the founding documents and have to rely on the criminals that now own the courts – like in egypt.

I get where you’re coming from, but that doesn’t help you if the government is interested in someone who has you in *their* contacts.

“Terrorist” is defined by the government as someone *they* perceive as a threat.

When you end up on a non-fly list & have your life adversely impacted (getting turned down for loans or jobs or apartments) because of your associations with someone active with PETA or #Anonymous (classified as terrorist organizations by the US), civil rights suddenly become way more important than when we think they only effect people who “deserve” to have them violated.

The problem with having stuff available is that it makes it easy for abuse to happen. Just like when Lois Lerner abused her power with the I.R.S. because they had information and she used it for her own agenda. Thats the problem, you can’t keep nosy people from digging in and you can’t keep some people from trying to abuse for their own personal gain.

Thats the problem, you can’t keep nosy people from digging in and you can’t keep some people from trying to abuse for their own personal gain.
SPOT ON.

The perfectionist dummies will trade anything and everything away for their delusion of perfect security while at the same time being robbed of everything else because they have a mental defect, a phobia of pain.

there’s no MAY about it. In the bigger picture of the American economic operating environment, there has come a time when the criminal wallstreet economic ponzi scheme of printing money to loan to repo (pass the debt to the next sucker or be gone with you) – the time has come whereby in times past, citizens who once revolted against the horders of wealth and power, have entered into a feeding frenzy of desparation to escape the langoliers of poverty.

Wallstreet – the currency centerpiece for the operations of gathering wealth – have “agencies” to alleviate their paranoia and head off the anger of their victims who would rise against them. Currently they only prosecuting and jailing those executives and cons who trespass upon their territory – basically non-members of their thiefdom. Go ahead, look it up, they only jailed Madoff because he made off with money of their members and clients.

The collective of wallstreet cons and thieves needs to keep a close watch on their cattle before they slaughter them with the langoliers.

The article is made up with no facts, and the editor did no research before writing this article. First off Apple has already told the government they can’t access iMessages as the government asked already and was refused. Text messages however they can’t control because that is on your carrier’s server not Apple’s. Secondly if the editor followed the FBI/Apple battle over unlocking the Terrorist iPhone he would realize Apple won’t cave. In the end Apple had their way and the government paid a million dollars for a hacking firm to break into the iPhone, but rest assured Apple patched that flaw in iOS 9.3.4. Seriously people need to start doing research and not just saying what they think will get the most clicks. It’s the reputation of the site and the credibility of the editor. But rest assured Android devices are easy to break into and the government doesn’t need Google’s help.

This is a moot issue. Your cell phone company also keeps logs of phone numbers you’ve called/text and websites you’ve visited. Anything that travels across their networks are being logged for meta data. They are not capturing the content of your phone calls or text messages but in order to be truly anon, one must either quit using phones/internet.

When I visited this web site to read this article, I am pretty sure the Intercept web servers recorded my IP address — which could ” identify my location — information about my browser and operating system, what browser plug-ins I have installed, and perhaps which web site I was on (referrer) before coming here. When law enforcement presents the Intercept with a valid subpoena or court order, do you provide the requested information if it is in your possession? How long do you keep your logs?

Proprietary software (non-free, user-subjugating software that denies users the freedoms to run, share, and modify the software — see https://www.gnu.org/philosophy/free-sw.html for more information) is untrustworthy by default. The idea that you can type your sensitive message into proprietary software, allow a device running proprietary software to track your movements, let proprietary software operate a mic and/or camera, and somehow avoid letting the proprietor do what they want with that data is at best naive and at worst rights-violating and lethal to the user.

It doesn’t matter what the proprietor claims; Apple never told its users it was collaborating with the NSA (until possibly after Snowden told us) because Apple knew this would not go over well. One has to understand the structure of power in computers to see who is really in control. Fortunately this isn’t hard to understand: either the user is in control of the software (software freedom), or the software is in control of the user (proprietary).

We don’t need to be programmers to value software freedom, just as we don’t need to be plumbers to value potable water and indoor toilets, we don’t need to be electricians to value in-home electricity, or lawyers to value our civil rights. But we can’t reasonably expect “Apple’s proprietary and more secure messaging network” to be secure precisely because it is proprietary. If it’s proprietary, its operation is a secret kept from users. Calling something secure is an evaluation. Apple’s choice to distribute proprietary software subjugates their users to Apple’s whim. The only way to make the software trustworthy is to release it under a free software license.

Other questions you might wonder about Apple’s alleged “commitment to customer privacy”: when a proprietary program performs encryption, could the encryption use a second key controlled by the proprietor such that decryption with either key reveals the plaintext? Could the plaintext be uploaded to the proprietor without the user’s approval (thus obviating the need for duplicitous 2-party encryption)? Could some other program installed on the device spy on the user’s input (keystrokes, camera, mic, location, address book, etc.) and get the sensitive data without the user’s permission?

The only way to clearly answer these questions is to run only free software on a computer because then either you or someone you trust can give you definitive answers by examining source code and changing it to meet your needs. Trackers (also known as “cell phones”) don’t do this now because they all run on proprietary software. One may have to make a minor sacrifice of not having a tracker in order to avoid the traps that come with proprietary software.

..it seems as if the StartCom technical infrastructure was being used by WoSign when they were caught issuing about a hundred[20] improperly validated SSL certificates, including a certificate for github.com.

“But a list of the people you choose to associate with can be just as sensitive as your messages with those people.”

Um… No. Not that’s it not sensitive, and that this isn’t an invasion of privacy or that it should require a warrant, and while I realize that the author qualified this with, “can be,” and that it might lead to a warrant to search your phone or your associate’s phone, should you have some contacts that are questionable, but just knowing who you talk to just isn’t as bad as a transcript of your actual conversation.

“…but just knowing who you talk to just isn’t as bad as a transcript of your actual conversation.”

I strenuously disagree, my friend. I’d far rather them have the whole content than just metadata. Why? Because I really am a law-abiding citizen.

If they have the content of my communications, they have proof that I am innocent, and I know that they have it, and I can use it to defend myself in court, even forcing them not to use any of my captured communications at all.

If all they have is metadata, I have NO proof of my innocence, and no defense whatsoever against *implied* wrongdoing by association in court. They can and will take it and run with it, and swear that the guy whose number I have in my phone because he mows my lawn is my best friend and criminal associate, and whatever he did I had previous knowledge of.

People have been convicted on far less than metadata. I trust you’ve never been falsely accused of anything yourself. It’s a dangerous world we live in these days.

It is not that simple. It has been reported that metadata of any individual can be used to construct a constellation of contacts and the various nodes through which each maintains his own network of contacts. Thus it could be possible to identify various groups or institutions to which each person is affiliated or shares in common. Automatic tracking of cellphone locations in real time is made possible through widespread use of memory resident GPS software. By comparing the movement of a discrete group of individuals whose constellations share a common node, it is possible to determine when and where those individuals meet with one another. So, too, intra-nodal constellations can be constructed to weight the significance of communication between them. A real life example might be a black political activist whose worldview is shared by members of his local church. As the communication of this activist comes into focus, law enforcement could learn with whom this individual communicates regularly, but learn the points (nodes) of commonality (e.g. church) they share. Now lets further assume that this church is innocently providing charity to individuals from a war torn region via local aid organizations who have been secretly identified as sympathetic to known terrorist organizations; this nodal association is thus flagged and weighted to a degree that makes everyone on the church node a potential person of interest. Now let’s further assume that these activists are southern baptists and thus share a common desire with other nearby SB congregations to provide charitable relief in a like fashion (as often happens between protestant churches of a particular denomination). The end result of this common activity would predictably result in a flagged nodal network whose activities might be construed as originating from a shared set of beliefs that originated from the Southern Baptist Convention itself.

Now, let’s further assume that this particular grouping of SB congregations is being heavily influenced by the liberation theology of pastor Benjamin Cole. And let’s also consider that the perceived origins of liberation theology is the KGB (due to its strongly “Marxist” nature). Then Benjamin Cole’s academic contacts might be flagged for further examination wherein it is revealed that Baylor professor Marc Ellis was the principle mean through which Cole was influenced. And now Ellis becomes a major node through which..?

it is possible to determine when and where those individuals meet with one another.
spot on.
The control freaks who feed upon the public and rob the public on mainstreet fear legal clawback. The nazis of today have risen from the ashes and are looking to condition the public into something resembling an insect colony of worker ants.

owning controlling monitoring intercepting changing censoring the communications of human beings is what paranoid freak psycho thieves need to do who operate a large criminal enterprise and want to continue doing so.

As I feared and expected, they weren’t even offering the privacy they said they would.

Since they’re not even doing the laudable things they claim to do, and doing so much more that is awful (taxes, non-free software, walled-garden “app stores”, generally turning the internet into a desktop-hostile “mobile-friendly” sewer), there’s no more reason to cheer them, if there ever even was.

Besides, boycotting Apple keeps you away from the long lines of fashion-minded fools, which is a great bonus. If you must get an all-in-one privacy nightmare of a phone, at least do it on technological merits, not because their logo star-strikes people all Gucci like.

“We need more technology companies that are willing to take public, principled stands in defense of our private lives, but these same companies should follow through with technical transparency, not just statements.”

Sam, I don’t think you’ll get another major company to do this. It all comes down to money. Its much less risk and more profitable to be in cahoots with the governments that control access to your markets than this choice that Apple has made (it’s why nobody else is doing it – & why some like Microsoft are willing partners with the governments).

Depending on private industry to not be in cahoots with the governments is a strategy doomed to fail – cause the risk and money are on the other side of the choice and business (for the most part) has no conscience.

Apple’s commitment to this, if its still there after the Administration’s raking them over the coals, is probably only temporary until the current CEO is eventually replaced by someone who sees the light (or laws are passed that force it). The only somewhat plausible method (besides the govt ensuring privacy) that could carry on beyond a CEO would be Apple using open source firmware, software and hardware designs so the products can be privately audited and validated.

The only true solution to having privacy is to have laws that demand it and a government that supports / protects it – all of which (at least here in the U.S.) has been burned to the ground by our politicians since the start of this century with the current Administration closing the door on the way back that was there. JMHO…

I suppose there are those who believe the tech companies about encryption and their claim of concern for our privacy. I do not. The tech companies gleefully worked hand in glove with NSA et al prior to the disclosures of their programs. Then, when found out they lied. After that they went on their PR campaigns about their new encryption and all the rest. Frankly, given the track records and behaviors of the the transnational digital corporations I find it hard to believe that any rational person would trust them for one second.

Not only do phone companies do this, but they also share your telephone contact lists with their business partners such as Twitter, Facebook and LinkedIn.

On several occasions, I have had people ‘suggested’ to me via LinkedIn that I know from outside the business environment and whom I have had limited contact with in social situations. I have had no business dealing with them, no email contact with them. I had only placed their telephone number in my cell phone when we met.

After that, those persons were ‘suggested’ to me in LinkedIn as someone to linkin with. LinkedIn has a numerical value under a person’s name showing how many common connections you have.

Under all these individuals, I had no common connections. I do not have their email contact information. Yet, within 48 hours of entering their telephone numbers into my cell phone, these persons were ‘suggested’ to me to connect with.

My carrier is Verizon. And Verizon shares your cell phone contacts list with the various partners I’ve mentioned if you use their online backup assistant. Even after check all the privacy functions for them NOT to share my information (which is the default if you don’t change it) they still share data.

I know this to be true as I have placed the most restrictive actions on my personal data, yet new names are being suggested to me when I input a new person’s cellphone number.

When I complained, they simply give a canned response of “We take privacy very seriously, and follow our terms of Privacy”.

hmm.
Their ambition is to play “social matchmaker”. Swell – in a world of competing for resources and life support, what people need is “matches” to hook up with to conspire together to better compete? Or perhaps these ficititious matches are simply your virtual competitor looking to gleen information from you so they can frontrun your business deals and customers.

Business persons who use proprietary software and keep indexes or logs on corparate devices or systems with corporat software are asking to be robbed. It has gotten so bad (http://www.businessinsider.com/yahoo-massive-hack-2016-9) that the average person who gives personal information to pretty much any business is going to be impersonated, conned and, THEIR CONTACTS WILL BE CONNED BY THIEVES PRETENDING TO BE THEM.

In a way, this is metadata (i.e. who “may” talk with whom, when). Former CIA director Michael Hayden said: ‘We kill people based on metadata’. The debate on end-to-end encryption is moot, metadata is all they need (and have ever needed since the times of plain old telephone service). Messaging providers cannot encrypt metadata (by design), and there isn’t a single US-based provider (including Whatsapp, Signal) that has denied providing state agencies with metadata upon request (Nat. Sec. Letters, subpoenas…)
The only way you can protect your metadata from US-based agencies is by staying away from US providers and get your messaging application from a more neutral country, e.g. Switzerland.

In a way, this is metadata (i.e. who “may” talk with whom, when). Former CIA director Michael Hayden said: ‘We kill people based on metadata’. The debate on end-to-end encryption is moot, metadata is all they need (and have ever needed since the times of plain old telephone service). Messaging providers cannot encrypt metadata (by design), and there isn’t a single US-based provider (including Whatsapp, Signal) that has denied providing state agencies with metadata upon request (Nat. Sec. Letters, subpoenas…)
The only way you can protect your metadata from US-based agencies is by staying away from US providers and get your messaging application from a more neutral country, e.g. Switzerland.

I’d like to see pressure brought to bear on the Cable Company ISPs to provide VPN service to their customers. A basic VPN package should be available as an add-on. This would go a long way toward increasing user privacy. The ISPs should also upgrade their EMAIL services, which are pathetic. Perhaps a boycott or legislation?

A proper messaging app shouldn’t rely on the device provider. You need another level of indirection. Something like Tor for Texting combined with Google Voice (which includes SMS texting abilities)

Secure communications on the internet do not exist. Communication services that proclaim they are secure are at best a deterrence to mass surveillance at worst a lure for getting people to divulge information that otherwise would need countless black site torture chambers for the Total Information Awareness system to collect in their Iron Net.

The whole Certificate Authority system that is supposed to protect internet transactions has been totally corrupted by nation state intelligence agencies. Your VPN can easily be spied on by a man in the middle firmware downloaded to your device with counterfeit credentials.